Port-based network access control allows a network administrator to restrict the use of IEEE 802 LAN service access points (por...
Version: 2020-02-18
// YANG 1 module "ieee802-dot1x" (IEEE Std 802.1X-2020 port-based network
// access control).  As shown here the module body consists of a single
// container, nid-group, holding per-NID Logon Process announcement settings.
// NOTE(review): several imported prefixes (ieee, yang, if, sys, ianaift) are
// not referenced by any node visible in this module; a YANG compiler will
// usually warn about unused imports — confirm against the full published
// module before removing any of them.
module ieee802-dot1x {
  yang-version 1;
  namespace "urn:ieee:std:802.1X:yang:ieee802-dot1x";
  prefix dot1x;

  // Linkage: only dot1x-types is used by the nodes below (pae-nid,
  // pae-nid-capabilities, pae-kmd).
  import ieee802-types { prefix ieee; }
  import ietf-yang-types { prefix yang; }
  import ietf-interfaces { prefix if; }
  import ietf-system { prefix sys; }
  import iana-if-type { prefix ianaift; }
  import ieee802-dot1x-types { prefix dot1x-types; }

  organization "Institute of Electrical and Electronics Engineers";
  contact "WG-URL: http://www.ieee802.org/1 WG-EMail: stds-802-1-L@ieee.org Contact: IEEE 802.1 Working Group Chair Postal: C/O IEEE 802.1 Working Group IEEE Standards Association 445 Hoes Lane Piscataway NJ 08854 USA E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG";
  // Module description is normative text from the standard; kept verbatim.
  description "Port-based network access control allows a network administrator to restrict the use of IEEE 802 LAN service access points (ports) to secure communication between authenticated and authorized devices. IEEE Std 802.1X specifies an architecture, functional elements, and protocols that support mutual authentication between the clients of ports attached to the same LAN and secure communication between the ports. 
The following control allows a port to be reinitialized, terminating (and potentially restarting) authentication exchanges and MKA operation, based on a data model described in a set of YANG modules.";

  // Revision history, newest first.
  revision "2020-02-18" {
    description "Updated Contact information.";
  }
  revision "2019-06-12" {
    description "Updates based on comment resolution of the WG ballot of P802.1X-Rev/D1.0.";
    reference "IEEE Std 802.1X-2020, Port-Based Network Access Control.";
  }

  // Configuration and operational state for the PAE NID (Network Identity)
  // group.  Everything under it is config true except leaf kmd.
  container nid-group {
    description "Contains both configuration and operational state nodes associated with the PAE NID group.";

    // One entry per network identity, keyed by nid.  The leaves decide when
    // the Logon Process starts EAP and when it grants connectivity that is
    // unauthenticated or unsecured, so the defaults below are the effective
    // access policy for an entry whose leaves are left unset.
    list pae-nid-group {
      key "nid";
      description "A list that contains the configuration and operational nodes for the network announcement information for the Logon Process.";

      // List key; type comes from the imported ieee802-dot1x-types module.
      leaf nid {
        type dot1x-types:pae-nid;
        description "Identification of the network or network service.";
        reference "IEEE 802.1X-2020 Clause 12.5";
      }

      // When EAP is initiated.  Default "immediate": EAP runs concurrently
      // with MKA using any cached CAK.
      leaf use-eap {
        type enumeration {
          enum "never" {
            value 0;
            description "Never.";
          }
          enum "immediate" {
            value 1;
            description "Immediately, concurrently with the use of MKA with any cached CAK(s).";
          }
          enum "mka-fail" {
            value 2;
            description "Not until MKA has failed, if a prior CAK has been cached.";
          }
        }
        default "immediate";
        description "Determines when the Logon Process will initiate EAP, if the Supplicant and or Authenticator are enabled, and takes one of the above values.";
        reference "IEEE 802.1X-2020 Clause 12.5";
      }

      // When unauthenticated connectivity is granted.  Default "immediate"
      // means the CP state machine is told to provide connectivity without
      // waiting for any PAE or MKA authentication attempt (see the enum
      // text).  An entry that must stay closed until authentication has been
      // tried needs "never" or "auth-fail" set explicitly.
      leaf unauth-allowed {
        type enumeration {
          enum "never" {
            value 0;
            description "Never.";
          }
          enum "immediate" {
            value 1;
            description "Immediately, independently of any current or future attempts to authenticate using the PAE or MKA.";
          }
          enum "auth-fail" {
            value 2;
            description "Not until an attempt has been made to authenticate using EAP, unless neither the supplicant nor the authenticator is enabled, and MKA has attempted to use any cached CAK (unless the KaY is not enabled).";
          }
        }
        default "immediate";
        description "Determines when the Logon Process will tell the CP state 
machine to provide unauthenticated connectivity, and takes one of the above values.";
        reference "IEEE 802.1X-2020 Clause 12.5";
      }

      // When authenticated-but-unsecured connectivity is granted.  Default
      // "immediate" provides it concurrently with MKA; to require MKA to
      // finish (or fail, or be directed by the MKA server) first, one of the
      // other values must be configured.
      leaf unsecure-allowed {
        type enumeration {
          enum "never" {
            value 0;
            description "Never.";
          }
          enum "immediate" {
            value 1;
            description "Immediately, to provide connectivity concurrently with the use of MKA with any CAK acquired through EAP.";
          }
          enum "mka-fail" {
            value 2;
            description "Not until MKA has failed, or is not enabled.";
          }
          enum "mka-server" {
            value 3;
            description "Only if directed by the MKA server.";
          }
        }
        default "immediate";
        description "Determines when the Logon Process will tell the CP state machine to provide authenticated but unsecured connectivity, takes one of the above values.";
        reference "IEEE 802.1X-2020 Clause 12.5";
      }

      // Unauthenticated access the NID announces.  Default "no-access" is the
      // restrictive choice (authentication services only).
      leaf unauthenticated-access {
        type enumeration {
          enum "no-access" {
            value 0;
            description "Other than to authentication services.";
          }
          enum "fallback-access" {
            value 1;
            description "Limited access can be provided after authentication failure.";
          }
          enum "limited-access" {
            value 2;
            description "Immediate limited access is available without authentication.";
          }
          enum "open-access" {
            value 3;
            description "Immediate access is available without authentication.";
          }
        }
        default "no-access";
        description "Unauthenticated access capabilities provided by the NID.";
        reference "IEEE 802.1X-2020 Clause 10.1";
      }

      // Announced authentication/protection capabilities (imported type).
      leaf access-capabilities {
        type dot1x-types:pae-nid-capabilities;
        description "Authentication and protection capabilities supported for the NID.";
        reference "IEEE 802.1X-2020 Clause 10.1";
      }

      // Operational state only (config false): the Key Management Domain is
      // reported by the system and cannot be set through configuration.
      leaf kmd {
        type dot1x-types:pae-kmd;
        config false;
        description "The Key Management Domain for the NID.";
        reference "IEEE 802.1X-2020 Clause 10.4";
      }
    } // list pae-nid-group
  } // container nid-group
} // module ieee802-dot1x